ID

VAR-201909-1515


CVE

CVE-2019-13922


TITLE

SINEMA Remote Connect Server Vulnerabilities in the use of weak password hashes

Trust: 0.8

sources: JVNDB: JVNDB-2019-009305

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network.

Trust: 2.43

sources: NVD: CVE-2019-13922 // JVNDB: JVNDB-2019-009305 // CNVD: CNVD-2019-31664 // IVD: 6b4a2986-7677-4b8f-b189-40319f7d3fed // VULHUB: VHN-145817

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: 6b4a2986-7677-4b8f-b189-40319f7d3fed // CNVD: CNVD-2019-31664

AFFECTED PRODUCTS

vendor: siemens | model: sinema remote connect server | scope: eq | version: 2.0

Trust: 1.0

vendor: siemens | model: sinema remote connect server | scope: lte | version: 2.0

Trust: 1.0

vendor: siemens | model: sinema remote connect server | scope: lt | version: 2.0 sp1

Trust: 0.8

vendor: siemens | model: sinema remote connect server sp1 | scope: lt | version: v2.0

Trust: 0.6

vendor: sinema remote connect server | model: - | scope: eq | version: *

Trust: 0.2

vendor: sinema remote connect server | model: - | scope: eq | version: 2.0

Trust: 0.2

sources: IVD: 6b4a2986-7677-4b8f-b189-40319f7d3fed // CNVD: CNVD-2019-31664 // JVNDB: JVNDB-2019-009305 // NVD: CVE-2019-13922

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13922
value: LOW

Trust: 1.0

NVD: CVE-2019-13922
value: LOW

Trust: 0.8

CNVD: CNVD-2019-31664
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-681
value: LOW

Trust: 0.6

IVD: 6b4a2986-7677-4b8f-b189-40319f7d3fed
value: LOW

Trust: 0.2

VULHUB: VHN-145817
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13922
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-31664
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6b4a2986-7677-4b8f-b189-40319f7d3fed
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-145817
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13922
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-13922
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 6b4a2986-7677-4b8f-b189-40319f7d3fed // CNVD: CNVD-2019-31664 // VULHUB: VHN-145817 // JVNDB: JVNDB-2019-009305 // CNNVD: CNNVD-201909-681 // NVD: CVE-2019-13922

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.0

problemtype:CWE-916

Trust: 0.9

sources: VULHUB: VHN-145817 // JVNDB: JVNDB-2019-009305 // NVD: CVE-2019-13922

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-681

TYPE

other

Trust: 0.8

sources: IVD: 6b4a2986-7677-4b8f-b189-40319f7d3fed // CNNVD: CNNVD-201909-681

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009305

PATCH

title: SSA-884497 | url: https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf

Trust: 0.8

title: Siemens SINEMA Remote Connect Server has an unexplained patch | url: https://www.cnvd.org.cn/patchInfo/show/180409

Trust: 0.6

title: SINEMA Remote Connect Server Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98248

Trust: 0.6

sources: CNVD: CNVD-2019-31664 // JVNDB: JVNDB-2019-009305 // CNNVD: CNNVD-201909-681

EXTERNAL IDS

db: NVD | id: CVE-2019-13922

Trust: 3.3

db: SIEMENS | id: SSA-884497

Trust: 2.3

db: ICS CERT | id: ICSA-19-260-02

Trust: 1.4

db: CNNVD | id: CNNVD-201909-681

Trust: 0.9

db: CNVD | id: CNVD-2019-31664

Trust: 0.8

db: JVNDB | id: JVNDB-2019-009305

Trust: 0.8

db: AUSCERT | id: ESB-2019.3559

Trust: 0.6

db: IVD | id: 6B4A2986-7677-4B8F-B189-40319F7D3FED

Trust: 0.2

db: VULHUB | id: VHN-145817

Trust: 0.1

sources: IVD: 6b4a2986-7677-4b8f-b189-40319f7d3fed // CNVD: CNVD-2019-31664 // VULHUB: VHN-145817 // JVNDB: JVNDB-2019-009305 // CNNVD: CNNVD-201909-681 // NVD: CVE-2019-13922

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf

Trust: 2.3

url:https://www.us-cert.gov/ics/advisories/icsa-19-260-02

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13922

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13922

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3559/

Trust: 0.6

sources: CNVD: CNVD-2019-31664 // VULHUB: VHN-145817 // JVNDB: JVNDB-2019-009305 // CNNVD: CNNVD-201909-681 // NVD: CVE-2019-13922

SOURCES

db: IVD | id: 6b4a2986-7677-4b8f-b189-40319f7d3fed
db: CNVD | id: CNVD-2019-31664
db: VULHUB | id: VHN-145817
db: JVNDB | id: JVNDB-2019-009305
db: CNNVD | id: CNNVD-201909-681
db: NVD | id: CVE-2019-13922

LAST UPDATE DATE

2024-08-14T13:55:08.359000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2019-31664 | date: 2019-09-16T00:00:00
db: VULHUB | id: VHN-145817 | date: 2019-10-09T00:00:00
db: JVNDB | id: JVNDB-2019-009305 | date: 2019-09-18T00:00:00
db: CNNVD | id: CNNVD-201909-681 | date: 2021-10-29T00:00:00
db: NVD | id: CVE-2019-13922 | date: 2021-10-28T16:45:54.727

SOURCES RELEASE DATE

db: IVD | id: 6b4a2986-7677-4b8f-b189-40319f7d3fed | date: 2019-09-16T00:00:00
db: CNVD | id: CNVD-2019-31664 | date: 2019-09-16T00:00:00
db: VULHUB | id: VHN-145817 | date: 2019-09-13T00:00:00
db: JVNDB | id: JVNDB-2019-009305 | date: 2019-09-18T00:00:00
db: CNNVD | id: CNNVD-201909-681 | date: 2019-09-13T00:00:00
db: NVD | id: CVE-2019-13922 | date: 2019-09-13T17:15:11.927